Method and apparatus for access to user-specific encryption information

US 6,229,894 B1
Filed: 07/14/1997
Issued: 05/08/2001
Est. Priority Date: 07/14/1997
Status: Expired due to Term

First Claim

Patent Images

1. In a secure system that includes a server and a plurality of end-users, wherein the server stores a copy of long term decryption private keys for each of the plurality of end-users, a method for the server to process a request for access to user specific encryption information of one of the plurality of end-users, the method comprises the steps:

a) receiving, from a requesting entity, a request for access to the user specific encryption information, wherein the requesting entity includes at least one of;

one of the plurality of end-users, a system administrator of the secure system, and a third party not affiliated with the secure system;

b) determining authorized level of access of the requesting entity to the user specific encryption information based on at least one of identity of the requesting entity and the request; and

c) providing the requesting entity with controlled access to the user specific encryption information based on the authorized level of access.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus for accessing user specific encryption information is accomplished upon receiving a request for access to user specific encryption information from a requesting entity. Based on the identity of the requesting entity and/or the type of request, a server determines the requesting entity'"'"'s authorized level of access to user specific encryption information. Based on the authorized level of access, the requesting entity is provided with controlled access to the user specific information.

300 Citations

28 Claims

1. In a secure system that includes a server and a plurality of end-users, wherein the server stores a copy of long term decryption private keys for each of the plurality of end-users, a method for the server to process a request for access to user specific encryption information of one of the plurality of end-users, the method comprises the steps:
- a) receiving, from a requesting entity, a request for access to the user specific encryption information, wherein the requesting entity includes at least one of;
  
  one of the plurality of end-users, a system administrator of the secure system, and a third party not affiliated with the secure system;
  
  b) determining authorized level of access of the requesting entity to the user specific encryption information based on at least one of identity of the requesting entity and the request; and
  
  c) providing the requesting entity with controlled access to the user specific encryption information based on the authorized level of access.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method for claim 1 further comprises:
3. The method of claim 1, wherein, when the requesting entity is the one of the plurality end-users, step (b) further comprises determining the level of access of the one of the plurality of end-users to be receipt of at least one long term decryption key;
- and wherein step (c) further comprises providing the at least one long term decryption private key to the one of the plurality of end-users.
4. The method of claim 1, wherein, when the requesting entity is the system administrator of the secure system, step (b) further comprises determining the level of access of the system administrator to be receipt of at least one long term description key, and wherein step (c) further comprises providing the at least one long term decryption private key to at least one of:
- the one of the plurality of end-users and the system administrator.
5. The method of claim 1, wherein, when the requesting entity is the third party not affiliated with the secure system, step (b) further comprises determining the level of access of the third party to be receipt of at least one long term decryption key of the one of the plurality of end-users;
- and wherein step (c) further comprises providing the long term decryption private key of the one of the plurality of end-users users, wherein the providing is done via at least one of an online communication and a store-and-forward communication.
6. The method of claim 1, wherein, when the requesting entity is the third party not affiliated with the secure system, step (b) further comprises determining the level of access of the third party to be receipt of a session key of a particular communication of the one of the plurality of end-users;
- and wherein step (c) further comprises providing the session key of a particular communication of the one of the plurality of end-users, wherein the particular communication is at least one of an online communication and a store-and-forward communication.
7. The method of claim 6 further comprises:
- providing a symmetric key encrypted using a public key of the one of the plurality of end-users as the session key, wherein the symmetric key is provided to the requesting entity as at least one of;
  
  clear symmetric key, encrypted session key using a public key of the requesting entity, and encrypted using a unique symmetric key that is known by the server and the requesting entity.
8. The method of claim 1, wherein, when the requesting entity is the third party not affiliated with the secure system, step (b) further comprises determining the level of access of the third party to be receipt of plain text of a particular communication of the one of the plurality of end-users;
- and wherein step (c) further comprises providing the plain text of a particular communication of the one of the plurality of end-users when the third party provided ciphertext with a wrapped key, wherein the providing is done via at least one of an online communication and a store-and-forward communication.
9. The method of claim 1 further comprises:
- receiving the request from a third party, wherein the request is requesting the user specific encryption information for a specific period of time;
  
  interpreting time stamp information that has been embedded in encrypted communications of the one of the plurality of end-users; and
  
  providing the third party with the controlled access to the user specific encryption information for encrypted communications that occur within the specific period of time.

10. In a secure system that includes a server and a plurality of end-users, wherein the server stores a copy of long term decryption private keys for each of the plurality of end-users, a method for the server to recover user specific encrypted information of one of the plurality of end-users, the method comprises the steps of:
- a) receiving, from a requesting entity, a request for recovery of the user specific encrypted information, wherein the request is requesting the user specific encryption information for a specific period of time, and wherein the requesting entity includes at least one of;
  
  one of the plurality of end-users, a system administrator of the secure system, and a third party not affiliated with the secure system;
  
  b) determining authorized level of access to the user specific encrypted information based on at least one of;
  
  identity of the requesting entity and the request;
  
  c) interpreting time stamp information that has been embedded in encrypted communications of the one of the plurality of end-users; and
  
  d) providing the requesting entity controlled access to the user specific encryption information for encrypted communications that occur within the specific period of time, wherein the controlled access is based on the authorized level of access.
- View Dependent Claims (11, 12)
- - 11. The method of claim 10 further comprises providing a session key for at least one of the encrypted communications that occurred within the specific period of time.
  - 12. The method of claim 10 further comprises providing plain text of at least one of the encrypted communications that occurred within the specific period of time when the requesting entity has provided a ciphertext version and a wrapped key of the at least one of the encrypted communications.

13. A server comprising:
- a processing device;
  
  first memory for storing a copy of long term decryption private keys for each of a plurality of end-users; and
  
  second memory that stores programming instructions that, when read by the processing device, causes the processing device to (a) receive, from a requesting entity, a request for access to the user specific encryption information, wherein the requesting entity includes at least one of;
  
  one of the plurality of end-users, a system administrator of the secure system, and a third party not affiliated with the secure system;
  
  (b) determine authorized level of access of the requesting entity to the user specific encryption information based on at least one of identity of the requesting entity and the request; and
  
  (c) provide the requesting entity with controlled access to the user specific encryption information based on the authorized level of access.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21)
- - 14. The server of claim 13 further comprises, within the memory, programming instructions that, when read by the processing device, causes the processing device to provide at least one long term decryption private key to the one of the plurality of end-users when the requesting entity is the one of the plurality end-users.
  - 15. The server of claim 13 further comprises, within the memory, programming instructions that, when read by the processing device, causes the processing device to provide a long term decryption private key of the one of the plurality of end-users when the requesting entity is a third party not affiliated with the secure system.
  - 16. The server of claim 13 further comprises, within the memory, programming instructions that, when read by the processing device, causes the processing device to provide a session key of a particular communication of the one of the plurality of end-users when the requesting entity is a third party not affiliated with the secure system.
  - 17. The server of claim 16 further comprises, within the memory, programming instructions that, when read by the processing device, causes the processing device to provide a symmetric key encrypted under a public key of the one of the plurality of end-users as the session key, wherein the symmetric key is provided to the requesting entity as at least one of:
    - clear symmetric key, encrypted session key using a public key of the requesting entity, and encrypted using a unique symmetric key that is known by the server and the requesting entity.
  - 18. The server of claim 13 further comprises, within the memory, programming instructions that, when read by the processing device, causes the processing device to provide plain text of a particular communication of the one of the plurality of end-users when the requesting entity is a third party not affiliated with the secure system when the requesting entity has provided ciphertext with a wrapped key.
  - 19. The server of claim 13 further comprises, within the memory, programming instructions that, when read by the processing device, causes the processing device to:
20. The server of claim 13 further comprises, within the memory, programming instructions that, when read by the processing device, causes the processing device to generate an encryption public key certificate and a distinct signature public key certificate for an end-user of the plurality of users, and automatically, from time to time, update the encryption public key certificate and the distinct signature public key certificate.
21. The server of claim 13 further comprises, within the memory, programming instructions that, when read by the processing device, causes the processing device to provide a long term decryption private key of the one of the plurality of end-users when the requesting entity is a system administrator.

22. A digital storage medium that stores programming instructions that, when read by a processing device, causes the processing device to recover user specific encrypted information in a secure system, the digital storage medium comprises:
- first means for storing programming instructions that, when read by the processing device, causes the processing device to receive, from a requesting entity, a request for access to the user specific encrypted information, wherein the requesting entity includes at least one of;
  
  one of the plurality of end-users, a system administrator of the secure system, and a third party not affiliated with the secure system;
  
  second means for storing programming instructions that, when read by the processing device, causes the processing device to determine authorized level of access of the requesting entity to the user specific encryption information based on at least one of identity of the requesting entity and the request; and
  
  third means for storing programming instructions that, when read by the processing device, causes the processing device to provide the requesting entity with controlled access to the user specific encryption information based on the authorized level of access.
- View Dependent Claims (23, 24, 25, 26, 27, 28)
- - 23. The digital storage medium of claim 22 further comprises programming instructions that, when read by the processing device, causes the processing device to provide at least one long term decryption private key to the one of the plurality of end-users when the requesting entity is the one of the plurality end-users.
  - 24. The digital storage medium of claim 22 further comprises programming instructions that, when read by the processing device, causes the processing device to provide a long term decryption private key of the one of the plurality of end-users when the requesting entity is a third party not affiliated with the secure system.
  - 25. The digital storage medium of claim 22 further comprises programming instructions that, when read by the processing device, causes the processing device to provide a session key of a particular communication of the one of the plurality of end-users when the requesting entity is a third party not affiliated with the secure system.
  - 26. The digital storage medium of claim 25 further comprises programming instructions that, when read by the processing device, causes the processing device to provide a symmetric key encrypted under a public key of the one of the plurality of end-users as the session key.
  - 27. The digital storage medium of claim 22 further comprises programming instructions that, when read by the processing device, causes the processing device to provide plain text of a particular communication of the one of the plurality of end-users when the requesting entity is a third party not affiliated with the secure system and when the requesting entity has provided ciphertext.
  - 28. The digital storage medium of claim 22 further comprises programming instructions that, when read by the processing device, causes the processing device to:

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Entrust Incorporated (Entrust Corp.), Entrust Technologies Limited
Original Assignee
Entrust Technologies Limited
Inventors
Van Oorschot, Paul C., Moses, Timothy E.
Primary Examiner(s)
Barron, Jr., Gilberto

Application Number

US08/891,999
Time in Patent Office

1,394 Days
Field of Search

380/21, 380/30, 380/23, 380/25, 709/226, 709/229, 713/200, 713/201
US Class Current

713/150
CPC Class Codes

G06F 21/6209   to a single file or object,...

G06F 2211/008   Public Key, Asymmetric Key,...

G06F 2221/2107   File encryption

Method and apparatus for access to user-specific encryption information

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

300 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for access to user-specific encryption information

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

300 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links